Encryption of AMD EPYC VMs Can Be Broken, Researchers Prove

A team of German researchers have found a serious security flaw in AMD’s EPYC datacenter processors that enables them to extract plain text data from VMs.

EPYC chips, which are mainly used in datacenter environments, are designed to automatically encrypt virtual machines (VMs) while in memory. The method EPYC chips use to do so is called Secure Encrypted Virtualization (SEV), and it keeps each VM in a different encrypted address space. SEV-encrypted data can only be decrypted as it’s leaving memory for the CPU and is automatically encrypted again when put back into memory.

It shouldn’t be possible for a VM to be decrypted by anything but the CPU of an EPYC chip—that means hypervisor, malware, and other services running on a server should all be locked out.

Read more at TechRepublic.

Homeland Security Today

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

See Full Bio